Hp

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-7302 1Hp 1Sgi Tempo Nov 21, 2024 Jan 27, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.
CVE-2014-7301 1Hp 1Sgi Tempo Nov 21, 2024 Jan 27, 2020 N/A· v4 6.6 MEDIUM· v3 4.6 MEDIUM· v2 SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw.
CVE-2019-3683 2Hp Suse 3Helion Openstack Keystone Json AssignmentOpenstack Cloud Nov 21, 2024 Jan 17, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to...Show more The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.Show less
CVE-2019-11997 1Hp 1Enhanced Internet Usage Manager Nov 21, 2024 Jan 16, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting....Show more A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support.Show less
CVE-2010-3282 3Fedoraproject HpRedhat 4389 Directory Server Directory ServerHp Ux Directory Server+1 more Nov 21, 2024 Jan 9, 2020 N/A· v4 3.3 LOW· v3 1.9 LOW· v2 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when c...Show more 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.Show less
CVE-2019-6319 1Hp 8Deskjet 3630 F5s43a Firmware Deskjet 3630 F5s57a FirmwareDeskjet 3630 K4t93a Firmware+5 more Nov 21, 2024 Jan 9, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that coul...Show more HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.Show less
CVE-2019-6332 1Hp 52Deskjet 2600 4uj28b Firmware Deskjet 2600 V1n01a FirmwareDeskjet 2600 V1n08a Firmware+49 more Nov 21, 2024 Jan 9, 2020 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 Al...Show more A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A - V1N08A, Y5H60A - Y5H80A; HP DeskJet Ink Advantage 2600 All-in-One Printer series model numbers V1N02A - V1N02B, Y5Z00A - Y5Z04B; HP DeskJet Ink Advantage 5000 All-in-One Printer series model numbers M2U86A - M2U89B; HP DeskJet Ink Advantage 5200 All-in-One Printer series model numbers M2U76A - M2U78B; HP ENVY 5000 All-in-One Printer series model numbers M2U85A - M2U85B, M2U91A - M2U94B, Z4A54A - Z4A74A; HP ENVY Photo 6200 All-in-One Printer series model numbers K7G18A-K7G26B, K7S21B, Y0K13D - Y0K15A; HP ENVY Photo 7100 All-in-One Printer series model numbers 3XD89A, K7G93A-K7G99A, Z3M37A - Z3M52A; HP ENVY Photo 7800 All-in-One Printer series model numbers K7R96A, K7S00A - K7S10D, Y0G42D - Y0G52B; HP Ink Tank Wireless 410 series model numbers Z4B53A - Z4B55A, Z6Z95A - Z6Z99A, 4DX94A - 4DX95A, 4YF79A, Z7A01A; HP OfficeJet 5200 All-in-One Printer series model numbers M2U75A, M2U81A-M2U84B, Z4B12A - Z4B14A, Z4B27A - Z4B29A; HP Smart Tank Wireless 450 series model numbers Z4B56A, Z6Z96A - Z6Z98A.Show less
CVE-2019-6331 1Hp 1Samsung Mobile Print Nov 21, 2024 Jan 9, 2020 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 An issue was found in Samsung Mobile Print (Android) versions prior to 4.08.007. A potential security vulnerability caused by incomplete obfuscation of application configuration information.
CVE-2019-6330 1Hp 1Access Control Nov 21, 2024 Jan 9, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A potential security vulnerability has been identified in the software solution HP Access Control versions prior to 16.7. This vulnerability could potentially grant elevation of privilege.
CVE-2019-6320 1Hp 8Deskjet 3630 F5s43a Firmware Deskjet 3630 F5s57a FirmwareDeskjet 3630 K4t93a Firmware+5 more Nov 21, 2024 Jan 9, 2020 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability t...Show more Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K4T99C, K4U00B - K4U03B, and V3F21A - V3F22A (firmware version SWP1FN1912BR or higher) have a Cross-Site Request Forgery (CSRF) vulnerability that could lead to a denial of service (DOS) or device misconfiguration.Show less
CVE-2019-11994 1Hp 8Simplivity 2600 Gen10 Firmware Simplivity 380 Gen10 FirmwareSimplivity 380 Gen10 G Firmware+5 more Nov 21, 2024 Jan 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVit...Show more A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. An API is used to execute a command manifest file during upgrade does not correctly prevent directory traversal and so can be used to execute manifest files in arbitrary locations on the node. The API does not require user authentication and is accessible over the management network, resulting in the potential for unauthenticated remote execution of manifest files. For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061901&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.Show less
CVE-2019-11993 1Hp 8Simplivity 2600 Gen10 Firmware Simplivity 380 Gen10 FirmwareSimplivity 380 Gen10 G Firmware+5 more Nov 21, 2024 Jan 3, 2020 N/A· v4 7.5 HIGH· v3 9.4 HIGH· v2 A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVit...Show more A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience.Show less
CVE-2019-11995 1Hp 1Universal Internet Of Things Nov 21, 2024 Dec 18, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made a...Show more Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance.Show less
CVE-2019-11992 1Hp 1Oneview For Vmware Vcenter Nov 21, 2024 Dec 18, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A security vulnerability in HPE OneView for VMware vCenter 9.5 could be exploited remotely to allow Cross-Site Scripting.
CVE-2019-18910 1Hp 1Thinpro Nov 21, 2024 Nov 22, 2019 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges.
CVE-2019-18909 1Hp 1Thinpro Nov 21, 2024 Nov 22, 2019 N/A· v4 8.0 HIGH· v3 7.7 HIGH· v2 The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.
CVE-2019-16287 1Hp 1Thinpro Nov 21, 2024 Nov 22, 2019 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the dev...Show more In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.Show less
CVE-2019-16286 1Hp 1Thinpro Linux Nov 21, 2024 Nov 22, 2019 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
CVE-2019-16285 1Hp 1Thinpro Linux Nov 21, 2024 Nov 22, 2019 N/A· v4 4.6 MEDIUM· v3 2.1 LOW· v2 If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-10627 2Hp Qualcomm 422dr21d Firmware D3q15a FirmwareD3q15b Firmware+39 more Nov 21, 2024 Nov 21, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that us...Show more Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS versions prior to 2019.2Show less

Previous 1...202122...117 Next